Home > linux > oHow to give a program fake system time so that you can use it forever

oHow to give a program fake system time so that you can use it forever

February 18th, 2009
Goto comments Leave a comment

Even if using Linux in the normal time, someone may have to use proprietary software more or less. And many softwares only provide the public a X-Day limited edition, or a tried license will go out in a short time.

When the tried license expired, the softwares won’t work unless you update the license at a very expensive price.

However, many (illegal) means are available to get around the license protection. It’s not too hard for a experienced cracker or a skilled hacker. I take two approaches to get the goal. One approach use ptrace to intercept system call in the run time; the other one load an additional libraries which be modified into the program, replace the original system call with the fakes.

All work I do in user-level without any reverse engineering. So they are easy to use.

I assume that the program to compare times be written as follow. :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
 
#include <time.h>
#include <stdio.h>
#include <stdlib.h>

int main(){
    time_t now;
    time(&now);

    struct timeval tv;
    gettimeofday(&tv, NULL);

    printf("Now 1 : %s", asctime(localtime(&now)));
    printf("Now 2 : %s", asctime(localtime(&tv.tv_sec)));

    // you can compare time here...
    return 0;
}

now I run the code, it display the time and date, like Linux instruct `date`

$ gcc target.c -o target
$ ./target
Now 1 : Mon Feb  9 17:29:29 2009
Now 2 : Mon Feb  9 17:29:29 2009

And then we run You Xu’s code, which have be modified a bit to adapt my computer architecture(i386). I also add a extra system call interception as a ptrace sample to generate fake value through point parameter.
[download code written by Mr. Xu]
[download code modified by me]

run my code:

$ gcc faketime.c -o faketime
$ ./faketime target
argc: 2
argv: ./faketime
argv: target
exec target
addr=3216373752, data=1175737392
addr=3216373756, data=0
Now 1 : Thu Apr  5 09:43:12 2007
Now 2 : Thu Apr  5 09:43:12 2007

hummmm…the output seems not bad. I push the target into a time machine and it back to Apr 5 2007.
The second way is easier, but I need generate a dynamic library to make alternative system call `time` and `gettimeofday`:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
#include <dlfcn.h>
#include <unistd.h>
#include <sys/types.h>
struct timezone {
   int tz_minuteswest;     /* minutes west of Greenwich */
   int tz_dsttime;         /* type of DST correction */
};

time_t time(time_t *t) {
    *t = 1175737392;
    return (time_t)1175737392;
}

int gettimeofday(struct timeval *tv, struct timezone *tz) {
    tz = NULL;
    tv->tv_sec = 1175737392;
    tv->tv_usec = 0;
    return 0;
}

Compile it:

gcc -shared fakeload.c -o fakeload.so

Set LD_PRELOAD to instruct the loader to load my library:

export LD_PRELOAD="./fakeload.so"

Finally, run the target in terminal directly:

$ ./target
Now 1 : Thu Apr  5 09:43:12 2007
Now 2 : Thu Apr  5 09:43:12 2007

Bingo!

linux ,

  1. No comments yet.
  1. No trackbacks yet.